# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~ /\. {
deny all;
}
# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}

3a: Manually placing wordpress files: place wordpress files into /srv/blog
3b. Automatically downloading wordpress files: Input http://wordpress.org/latest.zip into From URL textbox and click Download and unpack. You will see the download and unpacking process take place. Once complete, close the terminal tab. Then (important!), use File Manager to move files from /srv/blog/wordpress/ to /srv/blog itself.

4. Under Identification page, Create and set a domain entry.

5. Under Content page, Create a new content entry of type PHP.

5a. For enhanced security, add following to Custom configuration:

# Zero-day exploit defense.
# http://forum.nginx.org/read.php?2,88845,page=3
# Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.
# Comment the 'try_files' line out if you set up php-fpm/php-fcgi on another machine. And then cross your fingers that you won't get hacked.
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;

6. Under MySQL page, click Create to create a database

7. Click Apply changes

8. Done! Now navigate to http://domain/ and use the DB name, username and password from MySQL page to set up your Wordpress installation.Install the “Nginx Helper” plugin to prevent all of your URLs from starting with index.php/